Xerron
just joined
Topic Author
Posts: 7
Joined: Tue Oct 02, 2018 10:28 am

Volatile domain connection in subnet

Sat Feb 02, 2019 12:26 pm

Hello,

I have a problem stabilizing a Windows domain network over different subnets.
Periodically there is a domain network on the secondary subnetwork and then there isn't. (The main network works just fine.)
Every time I ping or nslookup from the subnetwork clients they get an answer just fine, but the client computers are just not in the domain network but either in the private or public network.

I have two "WORK" subnets, 153.30.1.0/24 & 153.30.2.0/24 (Static) which work on top of a "Guest"(DHCP) subnetwork 192.168.1.0/24
RB1 has the addresses:
153.30.1.1
192.168.1.1

RB2 has the addresses:
153.30.2.1
192.168.1.2 (DHCP-Client)

The WORK subnetworks are connected over vpn- L2TP-VPN
The subnets are also routed as such:
RB1: 0.0.0.0/0 to ISP
153.30.2.0/24 to L2TP-VPN (Host gives 153.30.1.202 ip to client)
RB2: 0.0.0.0/0 to 192.168.1.1
153.30.1.0/24 to L2TP-VPN (connecting to 192.168.1.1)

The WORK networks have the DNS set to 153.30.1.2 (ADDNS), the routers themselves are the gateways

Also both RBs have static dns entries to 153.30.1.2

Is this configuration perhaps not even viable, or is it flawed? Or is it more probable I have some kind of a problem with my DNS server?

I'm thinking it may have something to do with DNS, and I'm not really getting how DNS works.
The way I see it is that a client asks for an address from the router, the router then either gives an answer back if it has one or goes to the next DNS/router to ask the same question.
Is this perhaps too simplistic/flawed?
In my config I have set up static DNS entries; are these perhaps sometimes ignored for some reason?


I'm sorry for the barebones explanation, my brains have turned to mush at the moment, please do ask for more information if needed.
 
Xerron
just joined
Topic Author
Posts: 7
Joined: Tue Oct 02, 2018 10:28 am

Re: Volatile domain connection in subnet

Thu Feb 14, 2019 11:44 pm

Here's a late post update.
As usual, the one between the monitor and the chair just didn't notice some things that should have been noticed.

I was dst-nating DNS (port 53) to the router itself and thus weirdness happened. I rerouted that to the server address and everything has been working chop chop these past two weeks.

Here's my GUESS on why this happened.
As the router has TWO DNS gateways/servers, once queried it rotates the servers (DNS Robin/balancing; it may be totally wrong, as MikroTik may work in an altogether different way) that it goes to ask for DNS, and as the WORK and GUEST networks are isolated from one another, the DNS queries from the GUEST network did not find the server in the WORK network.
 
Sob
Forum Guru
Posts: 9121
Joined: Mon Apr 20, 2009 9:11 pm

Re: Volatile domain connection in subnet

Fri Feb 15, 2019 12:24 am

"The way I see it is that a client asks for an address from the router, the router then either gives an answer back if it has one or goes to the next DNS/router to ask the same question."
That's a common misconception. If you ask a DNS resolver something, it will always answer (except timeouts or when it's dead). The answer is either what you asked for, or "it doesn't exist". And if it doesn't exist, there's no point asking elsewhere and the client won't do it. In practice it means that all configured resolvers for a device must have access to the same data, i.e. you can't mix resolvers for internal and public domains together.
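
The behaviour described in the post above, as an added example that is not part of the original thread: a toy Python model of a client with two configured resolvers, where fail-over happens only on timeout and "it doesn't exist" is final. The per-lookup rotation, the domain name corp.example and all records are assumptions constructed for illustration; the thread does not establish how RouterOS picks among its servers.

```python
from itertools import cycle

NXDOMAIN = "NXDOMAIN"  # definitive "name does not exist" answer
TIMEOUT = None         # no answer at all (server dead or unreachable)

class Resolver:
    """A DNS server that answers only from its own data."""
    def __init__(self, name, records, alive=True):
        self.name, self.records, self.alive = name, records, alive

    def query(self, qname):
        if not self.alive:
            return TIMEOUT
        return self.records.get(qname.lower(), NXDOMAIN)

class StubClient:
    """Client with several configured resolvers.

    Assumption for illustration: the first server tried rotates per lookup.
    The next server is tried only after a timeout, never after NXDOMAIN.
    """
    def __init__(self, resolvers):
        self.resolvers = list(resolvers)
        self._start = cycle(range(len(self.resolvers)))

    def lookup(self, qname):
        first = next(self._start)
        for r in self.resolvers[first:] + self.resolvers[:first]:
            answer = r.query(qname)
            if answer is not TIMEOUT:
                return r.name, answer  # NXDOMAIN is final: stop here
        return None, TIMEOUT

def failure_rate(client, qname, attempts=10):
    """Fraction of lookups that end without a usable record."""
    answers = [client.lookup(qname)[1] for _ in range(attempts)]
    return sum(a is TIMEOUT or a == NXDOMAIN for a in answers) / attempts

# Constructed sample data. corp.example is a hypothetical AD domain; the SRV
# name is the kind of record a Windows client uses to locate a domain controller.
DC_SRV = "_ldap._tcp.dc._msdcs.corp.example"
internal = Resolver("153.30.1.2", {DC_SRV: "dc1.corp.example:389"})
public = Resolver("public", {"www.example.com": "192.0.2.10"})
dead = Resolver("dead", {}, alive=False)

if __name__ == "__main__":
    print("internal + public:", failure_rate(StubClient([internal, public]), DC_SRV))
    print("internal only:    ", failure_rate(StubClient([internal]), DC_SRV))
    print("dead + internal:  ", failure_rate(StubClient([dead, internal]), DC_SRV))
```

In this model, mixing the internal and public resolvers makes half of the domain-controller lookups fail, while a dead server in front of the internal one costs nothing because a timeout does trigger fail-over.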
 
Xerron
just joined
Topic Author
Posts: 7
Joined: Tue Oct 02, 2018 10:28 am

Re: Volatile domain connection in subnet

Tue Feb 19, 2019 6:19 pm

Hello Sob,

Thank you for your insight.

However, I'm a bit confused.
You see, the secondary router was essentially a refitted clone, in the configuration sense, of the main network's router. In the secondary router wily things happened with this configuration, YET the main network works fine.

Is it working because of broadcast?
Would it be preferable in this way, or should I dst-nat all the DNS in the Main network also to our domain server?
 
Sob
Forum Guru
Posts: 9121
Joined: Mon Apr 20, 2009 9:11 pm

Re: Volatile domain connection in subnet

Wed Feb 20, 2019 2:21 am

If I get it right, the main server which knows about local domain is 153.30.1.2. And both routers have this server in their "/ip dns" config. The question is, do they have only this server there, or some other(s) too? E.g. 8.8.8.8 or any other public one that doesn't know about your local domain.
